XFS - Cross Frame Scripting
Definition:
A frame whose source an attacker can edit, and so break its structure partially or fully.
Types of XFS:
- Temporary
- Permanent (rare)
Temporary:
In this type, the user can only take control of their own side with a normal redirect (it works only for the tester; the URL remains the same).
Permanent:
In this type, the vulnerability comes via the URL and is visible everywhere in the world until the vulnerability is fixed.
Finding the vulnerability:
The vulnerability revolves around sites with many iframes, so you need to choose the website wisely. Do not choose one whose iframes are coded in complete pure HTML. Everything else works!
Things needed:
1) Firefox
Firefox is the best browser for a hacker.
2) Tamper Data Addon
An addon for Firefox that catches GETs and POSTs, which are the most important in XFS.
3) A brain
Huh, you have it, right?
4) Cookie Manager/Editor Addon
Exploiting:
The formula should be:
home page --> sub link --> iframe
Let's take an example, the "Chrome download page" (just an example, no XFS exists there),
i.e.:
https://www.google.com/intl/en/chrome/browser/
Open up Tamper Data in Firefox.
After that, click Start Tamper!
Click the sub link, which will direct you to a direct iframe.
Take a notepad and write down all the commands listed in Tamper Data.
Example:
12x GETs
5x POSTs
Now make sure it has 1-5 POSTs and the remaining are all GETs.
Now go back in the browser and click again. Make sure you leave all the GETs alone, and whenever you get a POST command, edit all the fields to:
XFS
Now you need to do some minor editing in the URL to check whether it is XFS or not.
Let's try it out:
x.com/thread-01/view;POST1
Result: Same as original
x.com/thread-01/view;POST2
Result: Same as original
x.com/thread-01/view;POST3
Result: Same as original
x.com/thread-01/view;POST4
Result: Same as original
x.com/thread-01/view;POST5
Result: Broken iframe (we got it!!)
Voilà! We got it.
Now edit the cookie of that page with Cookie Manager! Set it to "POST5".
Now reload the page and see whether the result is the same or not.
It's the same. We got it right!
Now, if you want to redirect, use the following code:
x.com/thread-01/view;POST5;redir.php?=www.google.com
And if you want a popup, use this code:
x.com/thread-01/view;POST5;alert("XFS")
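The server-side view of the test described above, as an added example that is not part of the original post: a weak handler that copies a request value into the iframe markup, beside a hardened one that treats the value only as a lookup key. It assumes the iframe source is chosen from a request-supplied value (POST field, cookie, or the ";value" suffix of the URL path); all function names and the FRAME_SOURCES map are hypothetical.

```javascript
// Added example: hypothetical server-side helpers, not code from the original post.
// Assumption: the frame source is selected by a request-supplied value.

// Fixed map of view keys to frame sources the site controls (constructed values).
const FRAME_SOURCES = new Map([
  ["summary", "/frames/summary.html"],
  ["comments", "/frames/comments.html"],
]);
const DEFAULT_VIEW = "summary";

// Escape text for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Weak form: the request value lands in the markup unchanged, so an edited
// field, cookie or URL suffix changes what the frame loads.
function renderFrameUnsafe(requested) {
  return '<iframe src="' + requested + '"></iframe>';
}

// Hardened form: the request value is only a lookup key. Unknown keys fall
// back to the default view and are flagged so the caller can log them.
function renderFrameSafe(requested) {
  const known = typeof requested === "string" && FRAME_SOURCES.has(requested);
  const key = known ? requested : DEFAULT_VIEW;
  const html = '<iframe src="' + escapeAttr(FRAME_SOURCES.get(key)) + '"></iframe>';
  return { html, rejected: !known };
}

// Split a "view;key;..." path segment into its name and ";" parameters.
function pathParams(segment) {
  const [name, ...params] = String(segment).split(";");
  return { name, params };
}

// Resolve the frame for one path segment. No parameter means the default
// view; more than one parameter is never valid and is treated as unknown.
function renderFrameForPath(segment) {
  const { params } = pathParams(segment);
  if (params.length === 0) return renderFrameSafe(DEFAULT_VIEW);
  return renderFrameSafe(params.length === 1 ? params[0] : undefined);
}
```

With the hardened handler, every tampered value returns the same default frame with `rejected` set, which is the signal to log and alert on.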